本文整理匯總了Python中elastalert.ruletypes.FlatlineRule類的典型用法代碼示例。如果您正苦於以下問題:Python FlatlineRule類的具體用法?Python FlatlineRule怎麽用?Python FlatlineRule使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。
在下文中一共展示了FlatlineRule類的7個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: test_flatline_no_data
def test_flatline_no_data():
rules = {
'timeframe': datetime.timedelta(seconds=30),
'threshold': 2,
'timestamp_field': '@timestamp',
}
rule = FlatlineRule(rules)
# Initial lack of data
rule.garbage_collect(ts_to_dt('2014-09-26T12:00:00Z'))
assert len(rule.matches) == 0
# Passed the timeframe, still no events
rule.garbage_collect(ts_to_dt('2014-09-26T12:35:00Z'))
assert len(rule.matches) == 1
示例2: test_flatline
def test_flatline():
events = hits(10)
rules = {"timeframe": datetime.timedelta(seconds=30), "threshold": 2, "timestamp_field": "@timestamp"}
rule = FlatlineRule(rules)
# 1 hit should cause an alert until after at least 30 seconds pass
rule.add_data(hits(1))
assert rule.matches == []
rule.add_data(events)
# This will be run at the end of the hits
rule.garbage_collect(ts_to_dt("2014-09-26T12:00:11Z"))
assert rule.matches == []
# This would be run if the query returned nothing for a future timestamp
rule.garbage_collect(ts_to_dt("2014-09-26T12:00:45Z"))
assert len(rule.matches) == 1
示例3: test_flatline_query_key
def test_flatline_query_key():
rules = {'timeframe': datetime.timedelta(seconds=30),
'threshold': 1,
'use_query_key': True,
'query_key': 'qk',
'timestamp_field': '@timestamp'}
rule = FlatlineRule(rules)
# Adding two separate query keys, the flatline rule should trigger for both
rule.add_data(hits(1, qk='key1'))
rule.add_data(hits(1, qk='key2'))
rule.add_data(hits(1, qk='key3'))
assert rule.matches == []
# This will be run at the end of the hits
rule.garbage_collect(ts_to_dt('2014-09-26T12:00:11Z'))
assert rule.matches == []
# Add new data from key3. It will not immediately cause an alert
rule.add_data([create_event(ts_to_dt('2014-09-26T12:00:20Z'), qk='key3')])
# key1 and key2 have not had any new data, so they will trigger the flatline alert
timestamp = '2014-09-26T12:00:45Z'
rule.garbage_collect(ts_to_dt(timestamp))
assert len(rule.matches) == 2
assert set(['key1', 'key2']) == set([m['key'] for m in rule.matches if m['@timestamp'] == timestamp])
# Next time the rule runs, the key1 and key2 will have been forgotten. Now key3 will cause an alert
timestamp = '2014-09-26T12:01:20Z'
rule.garbage_collect(ts_to_dt(timestamp))
assert len(rule.matches) == 3
assert set(['key3']) == set([m['key'] for m in rule.matches if m['@timestamp'] == timestamp])
示例4: test_flatline_count
def test_flatline_count():
rules = {'timeframe': datetime.timedelta(seconds=30),
'threshold': 1,
'timestamp_field': '@timestamp'}
rule = FlatlineRule(rules)
rule.add_count_data({ts_to_dt('2014-10-11T00:00:00'): 1})
rule.garbage_collect(ts_to_dt('2014-10-11T00:00:10'))
assert len(rule.matches) == 0
rule.add_count_data({ts_to_dt('2014-10-11T00:00:15'): 0})
rule.garbage_collect(ts_to_dt('2014-10-11T00:00:20'))
assert len(rule.matches) == 0
rule.add_count_data({ts_to_dt('2014-10-11T00:00:35'): 0})
assert len(rule.matches) == 1
示例5: test_flatline
def test_flatline():
events = hits(40)
rules = {
'timeframe': datetime.timedelta(seconds=30),
'threshold': 2,
'timestamp_field': '@timestamp',
}
rule = FlatlineRule(rules)
# 1 hit should cause an alert until after at least 30 seconds pass
rule.add_data(hits(1))
assert rule.matches == []
# Add hits with timestamps 2014-09-26T12:00:00 --> 2014-09-26T12:00:09
rule.add_data(events[0:10])
# This will be run at the end of the hits
rule.garbage_collect(ts_to_dt('2014-09-26T12:00:11Z'))
assert rule.matches == []
# This would be run if the query returned nothing for a future timestamp
rule.garbage_collect(ts_to_dt('2014-09-26T12:00:45Z'))
assert len(rule.matches) == 1
# After another garbage collection, since there are still no events, a new match is added
rule.garbage_collect(ts_to_dt('2014-09-26T12:00:50Z'))
assert len(rule.matches) == 2
# Add hits with timestamps 2014-09-26T12:00:30 --> 2014-09-26T12:00:39
rule.add_data(events[30:])
# Now that there is data in the last 30 minutes, no more matches should be added
rule.garbage_collect(ts_to_dt('2014-09-26T12:00:55Z'))
assert len(rule.matches) == 2
# After that window passes with no more data, a new match is added
rule.garbage_collect(ts_to_dt('2014-09-26T12:01:11Z'))
assert len(rule.matches) == 3
示例6: test_flatline_query_key
def test_flatline_query_key():
rules = {
"timeframe": datetime.timedelta(seconds=30),
"threshold": 1,
"use_query_key": True,
"query_key": "qk",
"timestamp_field": "@timestamp",
}
rule = FlatlineRule(rules)
# Adding two separate query keys, the flatline rule should trigger for both
rule.add_data(hits(1, qk="key1"))
rule.add_data(hits(1, qk="key2"))
rule.add_data(hits(1, qk="key3"))
assert rule.matches == []
# This will be run at the end of the hits
rule.garbage_collect(ts_to_dt("2014-09-26T12:00:11Z"))
assert rule.matches == []
# Add new data from key3. It will not immediately cause an alert
rule.add_data([create_event(ts_to_dt("2014-09-26T12:00:20Z"), qk="key3")])
# key1 and key2 have not had any new data, so they will trigger the flatline alert
timestamp = "2014-09-26T12:00:45Z"
rule.garbage_collect(ts_to_dt(timestamp))
assert len(rule.matches) == 2
assert set(["key1", "key2"]) == set([m["key"] for m in rule.matches if m["@timestamp"] == timestamp])
# Next time the rule runs, the key1 and key2 will have been forgotten. Now key3 will cause an alert
timestamp = "2014-09-26T12:01:20Z"
rule.garbage_collect(ts_to_dt(timestamp))
assert len(rule.matches) == 3
assert set(["key3"]) == set([m["key"] for m in rule.matches if m["@timestamp"] == timestamp])
示例7: test_flatline_count
def test_flatline_count():
rules = {"timeframe": datetime.timedelta(seconds=30), "threshold": 1, "timestamp_field": "@timestamp"}
rule = FlatlineRule(rules)
rule.add_count_data({ts_to_dt("2014-10-11T00:00:00"): 1})
rule.garbage_collect(ts_to_dt("2014-10-11T00:00:10"))
assert len(rule.matches) == 0
rule.add_count_data({ts_to_dt("2014-10-11T00:00:15"): 0})
rule.garbage_collect(ts_to_dt("2014-10-11T00:00:20"))
assert len(rule.matches) == 0
rule.add_count_data({ts_to_dt("2014-10-11T00:00:35"): 0})
assert len(rule.matches) == 1